Pages:
Author

Topic: 000webhost hacked - 13 million passwords leaked (Read 2059 times)

copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
November 18, 2015, 03:54:13 AM
#35
Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.
So that is what you meant. I understand now and you're right. Unless you exactly know my email address or something else that is specific, then you can't really tell which one might be me. For anyone that is affected they should just check that they aren't using the same password for anywhere else and there is no problem.

Yes, this should be done in general and the password should not be easy to guess like e.g. 000webhost or winter123 which is why Password managers are so great.
legendary
Activity: 2674
Merit: 3000
Terminated.
Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.
Ah, that is what you meant. I understand now and you're right. Unless you exactly know my email address or something else that is specific, then you can't really tell which one might be me. For anyone that is affected they should just check that they aren't using the same password for anywhere else and there is no problem.
legendary
Activity: 1750
Merit: 1115
Providing AI/ChatGpt Services - PM!
That's some sad news.I had an account with webhost for personal stuff trying out my own website design and server side scripts.I did have some sensitive data but doesn't seem to be affected.I had saved my passwords of all crypto related stuff including my gambling website passwords.Nothing of mine seems to be leaked.All ready cleared my data though Smiley Thanks!
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.
Badly formatted? What did you use to open the dump with? I thought it was Full name, email, password and it looked fine to me the last time I opened it.

Yes, but I can hardly grep for "Lauda's password". There are 232 lines with 'lauda' in it. There are also 5 people that use shorena as part of their password and 33 that contain 'shorena' in any context (mail, username or password), none of them are me. Thats what I meant with "badly formatted", but I also never expected you to share the password.
hero member
Activity: 812
Merit: 587
Space Lord
Damn, to think the day before, I deleted my account xD

I never liked their service anyway. The only good thing that they provided was a working ftp connection to net2ftp. That's it. After let's say, 20 views, your website will shut down for having taken up too much bandwidth. I use hourb, which is the best, but the only problem is that their ftp servers don't work unless you use their file manager.

Non-related to 000webhost. But, one really awesome host that can be yours (free for one year) is the Amazon EC2. You get root access, and you can do anything you wish with it.
It's really easy to manage, and really easy to use.
legendary
Activity: 1232
Merit: 1030
give me your cryptos
Damn, to think the day before, I deleted my account xD

I never liked their service anyway. The only good thing that they provided was a working ftp connection to net2ftp. That's it. After let's say, 20 views, your website will shut down for having taken up too much bandwidth. I use hourb, which is the best, but the only problem is that their ftp servers don't work unless you use their file manager.
legendary
Activity: 1288
Merit: 1227
Away on an extended break
Yep, I found my old account there. It's good that I used a password manager and had unique passwords though Cheesy
sr. member
Activity: 267
Merit: 250
i guess thats why it was always the smartest thing to not use the same password for every site. I got i think 32 different passwords in my head I use lol
legendary
Activity: 2674
Merit: 3000
Terminated.
Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.
Badly formatted? What did you use to open the dump with? I thought it was Full name, email, password and it looked fine to me the last time I opened it.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
It's a legit dump nevertheless... I found my account inside  Undecided
Yes, legit. I verified.

Just curious, what was your password?

Wouldn't you like to know? Cheesy

You can PM me, I'll give you the dump.

Already got it, thanks.

Its hard to find that one password among 15 million, so in a sense I already "know" I just cant access the knowledge because its badly formatted. Even though I started formatting and sorting the passwords (I dont care much about the other data) its still difficult to handle due to the size.
hero member
Activity: 812
Merit: 587
Space Lord
It's a legit dump nevertheless... I found my account inside  Undecided
Yes, legit. I verified.

Just curious, what was your password?

Wouldn't you like to know? Cheesy

You can PM me, I'll give you the dump.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
It's a legit dump nevertheless... I found my account inside  Undecided
Yes, legit. I verified.

Just curious, what was your password?

-snip-
They always say "more security" until someone leaks the next set of unencrypted data.

The way they handled the person reporting them the leak speaks volumes. They probably run other hosting companies as well, they did some cross promotions on facebook.

-snip-
Interesting "hard-to-crack" passwords indeed.
-snip-

do grep correcthorsebatterystaple

Some of the passwords are actually good though, they look random and have a decent length. Others however... Passw0rd, abc123, lots of keyboard walking.
legendary
Activity: 2674
Merit: 3000
Terminated.
It's a legit dump nevertheless... I found my account inside  Undecided
Yes, legit. I verified.

Did you find mine? A fucking 6char password... Damn I was an idiot back then. I think it was 2010. or something.
Not really. As said, I just looked through it I was not looking for anything particular and have already removed the file. Interesting "hard-to-crack" passwords indeed.

This had been happen some week ago but now they are back online, with more security.
They always say "more security" until someone leaks the next set of unencrypted data.
member
Activity: 91
Merit: 10
On the mission to earn 100 BTC
This had been happen some week ago but now they are back online, with more security.
Hello Flash1997,

I opened their website and i think now no one will be going to create an account their. The site doesn't provide any proof that our passwords are secured with them. They should be checked and verified by some group of users whom we can trust at all.

Hope to see them back in business soon, I had an account pwned! Tongue
Lt.Bitcoin
full member
Activity: 183
Merit: 100
This had been happen some week ago but now they are back online, with more security.
hero member
Activity: 812
Merit: 587
Space Lord
I have a copy of the dump. All the passwords are plaintext Grin
You see how dumb people actually are with their passwords...

What do I do with it now?

brag to your friends about having them LOL

edit:
Ahh i see the pwned site now.
Yeah i have been there before with another hacker story i seen at Neowin.net News site.
It's legit i think.
And no i was not on the list of pwned guys but i will see again now hahhaha
i thought it was just for that one incident long ago.. not multiple hacks etc.

edit:
Nope.
I checked all the accounts i use ..i was not on any list  Cool
I didn't think i would be..

It's a legit dump nevertheless... I found my account inside  Undecided
legendary
Activity: 1540
Merit: 1011
FUD Philanthropist™
I have a copy of the dump. All the passwords are plaintext Grin
You see how dumb people actually are with their passwords...

What do I do with it now?

brag to your friends about having them LOL

edit:
Ahh i see the pwned site now.
Yeah i have been there before with another hacker story i seen at Neowin.net News site.
It's legit i think.
And no i was not on the list of pwned guys but i will see again now hahhaha
i thought it was just for that one incident long ago.. not multiple hacks etc.

edit:
Nope.
I checked all the accounts i use ..i was not on any list  Cool
I didn't think i would be..
hero member
Activity: 812
Merit: 587
Space Lord
I have a copy of the dump. All the passwords are plaintext Grin
You see how dumb people actually are with their passwords...

What do I do with it now?
Well you can't generalize either. There are people that have created their accounts in the past for testing (or other reasons) and have not deleted them. However, you are also right. I have quickly looked through that list as well.

Did you find mine? A fucking 6char password... Damn I was an idiot back then. I think it was 2010. or something.
legendary
Activity: 2674
Merit: 3000
Terminated.
I have a copy of the dump. All the passwords are plaintext Grin
You see how dumb people actually are with their passwords...

What do I do with it now?
Well you can't generalize either. There are people that have created their accounts in the past for testing (or other reasons) and have not deleted them. However, you are also right. I have quickly looked through that list as well.
hero member
Activity: 812
Merit: 587
Space Lord
I have a copy of the dump. All the passwords are plaintext Grin
You see how dumb people actually are with their passwords...

What do I do with it now?
Pages:
Jump to: